Books

Tuesday, 12 July 2011

Measures to protect (University) domain registrations and DNS against attacks

Universities have as significant an economic and Intellectual Property/Trademark investment in domain names as major brands. In my 12 July 2011 presentation at the Summer 2011 ESCC/Internet2 Joint Techs Conference in Fairbanks, Alaska, I encouraged attendees to think outside dot EDU and consider whether their university domain name portfolios are as vulnerable to hijackings, squatting, attacks or misuse as major enterprise portfolios.

Universities: Take Inventory of Your Domains

One of the important messages I hoped to convey to attendees was the value of taking inventory of registrations of their university name (or trademark). To make the point, I searched Whois for registrations that had a well known (and trademarked) university name as the second-level label in seven top level domains: COM, NET, ORG, BIZ, INFO, EDU, and US. The seven instances of the univerisity "label" were registered through five different registrars: three by the University, one by an online brand registrar, and three by a party with no apparent affiliation with the university. All of the three "unaffiliated" registrations hosted pay-per-click pages and indicated the domains were for sale. I asked the audience whether they were confident that someone at their university had a complete and accurate inventory of domains containing their name (trademark).

With the stage set in this manner, I discussed threats against domain names and DNS, both operational (e.g., DOS) and socially engineered (e.g., hijackings) and discuss measures ICANN's Security and Stability Advisory Committee (SSAC) recommends to treat and protect an organization's domain names as critical assets.